Our first story of 2026 revealed how a destructive new botnet called Kimwolf has infected more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we’ll dig through digital clues left behind by the hackers, network operators and services that appear to have benefitted from Kimwolf’s spread. On…
Category: Ne’er-Do-Well News
doge, Global Security News, Latest Warnings, Ne'er-Do-Well News, North America, The Coming Storm
Dismantling Defenses: Trump 2.0 Cyber Year in Review
The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering disinformation, fraud and corruption. These shifts, along with the president’s efforts to restrict free speech and freedom of…
A Little Sunshine, BreachForums, Breadcrumbs, Europe, Global Security News, Ne'er-Do-Well News, Ransomware
Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’
A prolific cybercriminal group that calls itself “Scattered LAPSUS$ Hunters” has dominated headlines this year by regularly stealing data from and publicly mass extorting dozens of major corporations. But the tables seem to have turned somewhat for “Rey,” the moniker chosen by the technical operator and public face of the hacker group: Earlier this week,…
A Little Sunshine, Firefox, Global Security News, Monitor Plus, Ne'er-Do-Well News
Mozilla Says It’s Finally Done With Two-Faced Onerep
In March 2024, Mozilla said it was winding down its collaboration with Onerep — an identity protection service offered with the Firefox web browser that promises to remove users from hundreds of people-search sites — after KrebsOnSecurity revealed Onerep’s founder had created dozens of people-search services and was continuing to operate at least one of…
A Little Sunshine, Global Security News, Ne'er-Do-Well News, North America, Target: Small Businesses
Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody
A Ukrainian man indicted in 2012 for conspiring with a prolific hacking group to steal tens of millions of dollars from U.S. businesses was arrested in Italy and is now in custody in the United States, KrebsOnSecurity has learned. Sources close to the investigation say Yuriy Igorevich Rybtsov, a 41-year-old from the Russia-controlled city of…
A Little Sunshine, Global Security News, Ne'er-Do-Well News, North America, Ransomware, Russia's War on Ukraine, Web Fraud 2.0
Canada Fines Cybercrime Friendly Cryptomus $176M
Financial regulators in Canada this week levied $176 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services. The penalties for violating Canada’s anti-money-laundering laws come ten months after KrebsOnSecurity noted that Cryptomus’s Vancouver street address was home to dozens of foreign currency…
A Little Sunshine, Exploits, Global Security News, Latest Warnings, Ne'er-Do-Well News, Ransomware, The Coming Storm
ShinyHunters Wage Broad Corporate Extortion Spree
A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility for a recent breach involving Discord…
A Little Sunshine, Data Breaches, Exploits, Global Security News, Ne'er-Do-Well News, Ransomware
Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms
U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K. national Thalha Jubair for allegedly being a core member of Scattered Spider, a prolific cybercrime group blamed for extorting at least $115 million in ransom payments from victims. The charges came as Jubair and an alleged co-conspirator appeared in a London court to face…
A Little Sunshine, Europe, Global Security News, Latest Warnings, Ne'er-Do-Well News, Russia's War on Ukraine
Bulletproof Host Stark Industries Evades EU Sanctions
In May 2025, the European Union levied financial sanctions on the owners of Stark Industries Solutions Ltd., a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But new findings show those sanctions have done little to stop Stark from simply rebranding…
Exploits, Global Security News, Judge Harvey E. Schlesinger, King Bob, Ne'er-Do-Well News, SIM Swapping
SIM-Swapper, Scattered Spider Hacker Gets 10 Years
A 20-year-old Florida man at the center of a prolific cybercrime group known as “Scattered Spider” was sentenced to 10 years in federal prison today, and ordered to pay roughly $13 million in restitution to victims. Noah Michael Urban of Palm Coast, Fla. pleaded guilty in April 2025 to charges of wire fraud and conspiracy.…
A Little Sunshine, Elliott Peterson, Exploits, Global Security News, Ne'er-Do-Well News
Oregon Man Charged in ‘Rapper Bot’ DDoS Service
A 22-year-old Oregon man has been arrested on suspicion of operating “Rapper Bot,” a massive botnet used to power a service for launching distributed denial-of-service (DDoS) attacks against targets — including a March 2025 DDoS that knocked Twitter/X offline. The Justice Department asserts the suspect and an unidentified co-conspirator rented out the botnet to online…
A Little Sunshine, Asia Pacific, Global Security News, Ne'er-Do-Well News, The Coming Storm, Web Fraud 2.0
Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout Scheme
Cybercriminal groups peddling sophisticated phishing kits that convert stolen card data into mobile wallets have recently shifted their focus to targeting customers of brokerage services, new research shows. Undeterred by security controls at these trading platforms that block users from wiring funds directly out of accounts, the phishers have pivoted to using multiple compromised brokerage…
A Little Sunshine, Europe, Global Security News, John Smedley, Joni Soila, Ne'er-Do-Well News, Ransomware
KrebsOnSecurity in New ‘Most Wanted’ HBO Max Series
A new documentary series about cybercrime airing next month on HBO Max features interviews with Yours Truly. The four-part series follows the exploits of Julius Kivimäki, a prolific Finnish hacker recently convicted of leaking tens of thousands of patient records from an online psychotherapy practice while attempting to extort the clinic and its patients. The…
Breadcrumbs, Exploits, Global Security News, Ne'er-Do-Well News, Ransomware, The Coming Storm
Who Got Arrested in the Raid on the XSS Crime Forum?
On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS, a Russian-language cybercrime forum with more than 50,000 members. The action has triggered an ongoing frenzy of speculation and panic among XSS denizens about the identity of the…
A Little Sunshine, Breadcrumbs, Global Security News, Ne'er-Do-Well News, Target: Small Businesses
Phishers Target Aviation Execs to Scam Customers
KrebsOnSecurity recently heard from a reader whose boss’s email account got phished and was used to trick one of the company’s customers into sending a large payment to scammers. An investigation into the attacker’s infrastructure points to a long-running Nigerian cybercrime ring that is actively targeting established companies in the transportation and aviation industries. …
Exploits, Global Security News, Ne'er-Do-Well News, Ransomware
UK Charges Four in ‘Scattered Spider’ Ransom Group
Authorities in the United Kingdom this week arrested four alleged members of “Scattered Spider,” a prolific data theft and extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer. Scattered Spider is the name given to an English-speaking cybercrime group known for using social engineering tactics to break into companies…
A Little Sunshine, Asia Pacific, Global Security News, Latest Warnings, Ne'er-Do-Well News, Web Fraud 2.0
Big Tech’s Mixed Response to U.S. Treasury Sanctions
In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But a new report finds the accused continues to operate a slew of established accounts at American tech companies — including Facebook, Github, PayPal and Twitter/X.…
A Little Sunshine, Global Security News, Ne'er-Do-Well News, Web Fraud 2.0
Inside a Dark Adtech Empire Fed by Fake CAPTCHAs
Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation finds this dark ad tech industry is far more…
A Little Sunshine, Amazon, Europe, Funnull, Global Security News, infrastructure laundering, Ivan Neculiti, Microsoft, Ne'er-Do-Well News, Silent Push, Stark Industries Solutions Ltd, Suncity Group, Web Fraud 2.0, Yuri Neculiti, Zach Edwards
U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams known as “pig butchering.” In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to…
A Little Sunshine, Breadcrumbs, FudCo, Fudpage, Fudtools, Global Security News, Hamad Nawaz, HeartSender, Hussnain Haider, Muhammad Adeel Akram, Muhammad Aslam, Muhammad Nowsherwan, Muhammad Umar Irshad, National Cyber Crime Investigation Agency, NCCIA Director Abdul Ghaffar, Ne'er-Do-Well News, Rameez Shahzad, Saim Raza, Scylla Intel, Syed Saim Ali Shah, Usama Farooq, Usama Mehmood, WeCodeSolutions, Yasir Ali
Pakistan Arrests 21 in ‘Heartsender’ Malware Service
Authorities in Pakistan have arrested 21 individuals accused of operating “Heartsender,” a once popular spam and malware dissemination service that operated for more than a decade. The main clientele for HeartSender were organized crime groups that tried to trick victim companies into making payments to a third party, and its alleged proprietors were publicly identified…
A Little Sunshine, eset, fbi, Flashpoint, Global Security News, Google, Intel 471, JimmBee, lumen, Lumma Stealer, Maffiozi, Microsoft, Ne'er-Do-Well News, North America, Onix, proofpoint, Russia's War on Ukraine, team cyrmu, U.S. Department of Justice, Zscaler
Oops: DanaBot Malware Devs Infected Their Own PCs
The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. The FBI says a newer version of DanaBot was used for espionage, and that many of the defendants exposed their real-life identities after…
A Little Sunshine, Breadcrumbs, CloudFlare, DDoS, fbi, Forky, Global Security News, Internet of Things (IoT), Jigsaw, Kaike Southier Leite, Mirai, Ne'er-Do-Well News, Project Shield, QiAnXin XLab, stresser, The Coming Storm, U.S. Department of Justice, yfork
KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS
KrebsOnSecurity last week was hit by a near-record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching…
A Little Sunshine, Asia Pacific, BreachForums, Data Breaches, Global Security News, Jill Fertel, mark rasch, Ne'er-Do-Well News, Nonstop Health, Pompompurin, RaidForums, Unit 221B
Breachforums Boss to Pay $700k in Healthcare Breach
In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick, a.k.a. “Pompompurin,” is slated for resentencing next month…
A Little Sunshine, Breadcrumbs, eWorldTrade, Federal Investigation Agency, Global Security News, Intersys Limited, Junaid Mansoor, Majestic Ghostwriting, Muhammad Burhan Mirza, NatInfoSec, Ne'er-Do-Well News, North America, Octa Group Technologies AU, Qasim Mansoor, Retrocube LLC, The New York Times, U.S. Department of Justice, U.S. Patent and Trademark Office, Vertical Minds LLC, Web Fraud 2.0
Pakistani Firm Shipped Fentanyl Analogs, Scams to US
A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing, mobile app development and logo designs, a new…
A Little Sunshine, Evans Osiebo, Global Security News, Group-IB, Joel Evans, lastpass, Mailchimp, MGM, Ne'er-Do-Well News, Noah Urban, North America, Ransomware, Scattered Spider, SIM Swapping, Twilio, Tyler Robert Buchanan, Tylerb
Alleged ‘Scattered Spider’ Member Extradited to U.S.
A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft. U.S. prosecutors allege Tyler Robert Buchanan and co-conspirators hacked into dozens of companies in the United States…
A Little Sunshine, Android, Asia Pacific, Ford Merrill, Global Security News, Google Apple, Ne'er-Do-Well News, SecAlliance, tap-to-pay fraud, The Coming Storm, Z-NFC
Arrests in Tap-to-Pay Scheme Powered by Phishing
Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. Details released by authorities so far indicate the mobile wallets being used by the scammers were created through online phishing scams, and that the accused were relying on…
Elliptic, Garantex, Global Security News, Ne'er-Do-Well News, Ransomware, U.S. Department of Justice, U.S. Secret Service
Alleged Co-Founder of Garantex Arrested in India
Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations. Sources close to the investigation told KrebsOnSecurity the Lithuanian national Aleksej Besciokov, 46, was apprehended while vacationing on the…
A Little Sunshine, Global Security News, GootLoader, Interisle Consulting Group, Intrinsec, Kaspersky Lab, Kentik, Ne'er-Do-Well News, North America, Prospero OOO, Ransomware, Securehost, Silent Push, SocGholish, spamhaus, The Coming Storm, Zach Edwards
Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab
One of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned. Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a…
AT&T, Breadcrumbs, Global Security News, John Erin Binns, Kiberphant0m, Ne'er-Do-Well News, North America
U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”
A U.S. Army soldier who pleaded guilty last week to leaking phone records for high-ranking U.S. government officials searched online for non-extradition countries and for an answer to the question “can hacking be treason?” prosecutors in the case said Wednesday. The government disclosed the details in a court motion to keep the defendant in custody…
A Little Sunshine, doge, Edward Coristine, Elon Musk, Eric Taylor, Global Security News, Marshal Webb, Ne'er-Do-Well News, Neuralink, North America, Packetware, Path Networks, Rivage, Tesla Sexy LLC, The Com, The Coming Storm, Tucker Preston, Wired
Teen on Musk’s DOGE Team Graduated from ‘The Com’
Wired reported this week that a 19-year-old working for Elon Musk’s so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to do so. As today’s story explores, the DOGE teen is a…
A Little Sunshine, Breadcrumbs, Exploits, fbi, FudCo, Fudpage, Fudtools, Global Security News, HeartSender, Ne'er-Do-Well News, Operation Talent, Saim Raza, Sellix, The Manipulaters, U.S. Department of Justice, WeCodeSolutions
FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang
The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The proprietors of the service, who use the collective nickname “The Manipulaters,” have been the subject of three stories published here since 2015. The FBI said the…
A Little Sunshine, Asia Pacific, Fangneng CDN, Funnull, Global Security News, infrastructure laundering, Microsoft Azure, Ne'er-Do-Well News, NETSCOUT, NoName057(16), polyfill, Richard Hummel, Silent Push, Suncity Group, Time to Patch, U.S. Department of Commerce, Web Fraud 2.0, Zach Edwards
Infrastructure Laundering: Blending in with the Cloud
In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one such outfit — a sprawling network tied to Chinese organized crime gangs and…
A Little Sunshine, Global Security News, Judische, Kiberphant0m, Ne'er-Do-Well News, North America, Unit 221B
U.S. Army Soldier Arrested in AT&T, Verizon Extortions
Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South…
A Little Sunshine, Asia Pacific, Breadcrumbs, Fin7, Global Security News, Invicti Security, Matt Sciberras, Ne'er-Do-Well News, Neil Roseman, ori0nbusiness@protonmail.com, Silent Push, The Coming Storm, U.S. Department of Health and Human Services, Zach Edwards
Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm
Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology…
A Little Sunshine, Coinbase, Gemini AI, Global Security News, Google Assistant, Google Docs, Google Forms, Google Photos, Graham Cluely, Junseth, Latest Warnings, Minecraft, Ne'er-Do-Well News, SwanCoin, Trezor, Web Fraud 2.0
How to Lose a Fortune with Just One Bad Click
Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to…
Global Security News, Intel 471, Mikhail Lenin, Mikhail Shefel, Ne'er-Do-Well News
U.S. Offered $10M for Hacker Just Arrested by Russia
In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as “Wazawaka,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. The U.S. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest. Last week, the Russian government…
A Little Sunshine, AT&T, Global Security News, John Erin Binns, Judische, Kiberphant0m, Ne'er-Do-Well News, North America, Ransomware, Snowflake, South Korea, The Coming Storm
Hacker in Snowflake Extortions May Be a U.S. Soldier
Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect — a prolific hacker known as Kiberphant0m — remains at large and continues to publicly extort victims. However, this person’s identity may not remain a secret for long:…
A Little Sunshine, Global Security News, lastpass, Mailchimp, Ne'er-Do-Well News, Scattered Spider, SIM Swapping, T-Mobile, Twilio, Tylerb
Feds Charge Five Men in ‘Scattered Spider’ Roundup
Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio. A visual depiction of the attacks by the SMS phishing group known…
BreachForums, Data Breaches, Finastra, Global Security News, ke-la.com, Latest Warnings, Ne'er-Do-Well News, The Coming Storm
Fintech Giant Finastra Investigating Data Breach
The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen…
A Little Sunshine, Data Breaches, Global Security News, Helkern, Home Depot breach, Hydra Market, MikeMike, Mikhail Lenin, Mikhail Shefel, Ne'er-Do-Well News, North America, pavel vrublevsky, Peter Vrublevsky, Pharma Wars, Sprut, Sugar ransomware, target breach
An Interview With the Target & Home Depot Hacker
In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who confirmed using the Rescator identity in a recent interview, also admitted reaching out because he…
